View Javadoc
1 package org.apache.turbine.services.security.db; 2 3 /* ==================================================================== 4 * The Apache Software License, Version 1.1 5 * 6 * Copyright (c) 2001 The Apache Software Foundation. All rights 7 * reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. The end-user documentation included with the redistribution, 22 * if any, must include the following acknowledgment: 23 * "This product includes software developed by the 24 * Apache Software Foundation (http://www.apache.org/)." 25 * Alternately, this acknowledgment may appear in the software itself, 26 * if and wherever such third-party acknowledgments normally appear. 27 * 28 * 4. The names "Apache" and "Apache Software Foundation" and 29 * "Apache Turbine" must not be used to endorse or promote products 30 * derived from this software without prior written permission. For 31 * written permission, please contact apache@apache.org. 32 * 33 * 5. Products derived from this software may not be called "Apache", 34 * "Apache Turbine", nor may "Apache" appear in their name, without 35 * prior written permission of the Apache Software Foundation. 36 * 37 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED 38 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 39 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 40 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR 41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 43 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 44 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 46 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 47 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 48 * SUCH DAMAGE. 49 * ==================================================================== 50 * 51 * This software consists of voluntary contributions made by many 52 * individuals on behalf of the Apache Software Foundation. For more 53 * information on the Apache Software Foundation, please see 54 * <http://www.apache.org/>;. 55 */ 56 57 import java.util.ArrayList; 58 import java.util.Hashtable; 59 import java.util.Iterator; 60 import java.util.List; 61 import java.util.Vector; 62 import org.apache.torque.om.BaseObject; 63 import org.apache.torque.util.Criteria; 64 import org.apache.turbine.om.security.Group; 65 import org.apache.turbine.om.security.Permission; 66 import org.apache.turbine.om.security.Role; 67 import org.apache.turbine.om.security.SecurityObject; 68 import org.apache.turbine.om.security.TurbineGroup; 69 import org.apache.turbine.om.security.TurbinePermission; 70 import org.apache.turbine.om.security.TurbineRole; 71 import org.apache.turbine.om.security.User; 72 import org.apache.turbine.om.security.peer.GroupPeer; 73 import org.apache.turbine.om.security.peer.PermissionPeer; 74 import org.apache.turbine.om.security.peer.RolePeer; 75 import org.apache.turbine.om.security.peer.RolePermissionPeer; 76 import org.apache.turbine.om.security.peer.UserGroupRolePeer; 77 import org.apache.turbine.om.security.peer.UserPeer; 78 import org.apache.turbine.services.security.BaseSecurityService; 79 import org.apache.turbine.services.security.TurbineSecurity; 80 import org.apache.turbine.util.Log; 81 import org.apache.turbine.util.security.AccessControlList; 82 import org.apache.turbine.util.security.DataBackendException; 83 import org.apache.turbine.util.security.EntityExistsException; 84 import org.apache.turbine.util.security.GroupSet; 85 import org.apache.turbine.util.security.PermissionSet; 86 import org.apache.turbine.util.security.RoleSet; 87 import org.apache.turbine.util.security.UnknownEntityException; 88 89 /*** 90 * An implementation of SecurityService that uses a database as backend. 91 * 92 * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a> 93 * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a> 94 * @version $Id: DBSecurityService.java,v 1.6 2002/07/11 07:34:31 mpoeschl Exp $ 95 */ 96 public class DBSecurityService extends BaseSecurityService 97 { 98 /*** 99 * The key within services's properties for user implementation 100 * classname (user.class) - Leandro 101 */ 102 public static final String USER_PEER_CLASS_KEY = "userPeer.class"; 103 104 /*** 105 * The default implementation of User interface 106 * (org.apache.turbine.om.security.DBUser) 107 */ 108 public static final String USER_PEER_CLASS_DEFAULT = 109 "org.apache.turbine.om.security.peer.TurbineUserPeer"; 110 111 /*----------------------------------------------------------------------- 112 Creation of AccessControlLists 113 -----------------------------------------------------------------------*/ 114 115 /*** 116 * Constructs an AccessControlList for a specific user. 117 * 118 * This method creates a snapshot of the state of security information 119 * concerning this user, at the moment of invocation and stores it 120 * into an AccessControlList object. 121 * 122 * @param user the user for whom the AccessControlList are to be retrieved 123 * @throws DataBackendException if there was an error accessing the data backend. 124 * @throws UnknownEntityException if user account is not present. 125 */ 126 public AccessControlList getACL( User user ) 127 throws DataBackendException, UnknownEntityException 128 { 129 if(!TurbineSecurity.accountExists(user)) 130 { 131 throw new UnknownEntityException("The account '" + 132 user.getUserName() + "' does not exist"); 133 } 134 try 135 { 136 Hashtable roles = new Hashtable(); 137 Hashtable permissions = new Hashtable(); 138 // notify the state modifiers (writers) that we want to create the snapshot. 139 lockShared(); 140 141 // construct the snapshot: 142 143 // foreach group in the system 144 Iterator groupsIterator = getAllGroups().elements(); 145 while(groupsIterator.hasNext()) 146 { 147 Group group = (Group)groupsIterator.next(); 148 // get roles of user in the group 149 RoleSet groupRoles = RolePeer.retrieveSet( user, group ); 150 // put the Set into roles(group) 151 roles.put(group, groupRoles); 152 // collect all permissoins in this group 153 PermissionSet groupPermissions = new PermissionSet(); 154 // foreach role in Set 155 Iterator rolesIterator = groupRoles.elements(); 156 while(rolesIterator.hasNext()) 157 { 158 Role role = (Role)rolesIterator.next(); 159 // get permissions of the role 160 PermissionSet rolePermissions = PermissionPeer.retrieveSet(role); 161 groupPermissions.add(rolePermissions); 162 } 163 // put the Set into permissions(group) 164 permissions.put(group, groupPermissions); 165 } 166 return new AccessControlList(roles, permissions); 167 } 168 catch(Exception e) 169 { 170 throw new DataBackendException("Failed to build ACL for user '" + 171 user.getUserName() + "'" , e); 172 } 173 finally 174 { 175 // notify the state modifiers that we are done creating the snapshot. 176 unlockShared(); 177 } 178 } 179 180 /*----------------------------------------------------------------------- 181 Security management 182 -----------------------------------------------------------------------*/ 183 184 /*** 185 * Grant an User a Role in a Group. 186 * 187 * @param User the user. 188 * @param Group the group. 189 * @param Role the role. 190 * @throws DataBackendException if there was an error accessing the data backend. 191 * @throws UnknownEntityException if user account, group or role is not present. 192 */ 193 public synchronized void grant( User user, Group group, Role role ) 194 throws DataBackendException, UnknownEntityException 195 { 196 boolean userExists = false; 197 boolean groupExists = false; 198 boolean roleExists = false; 199 try 200 { 201 lockExclusive(); 202 userExists=TurbineSecurity.accountExists(user); 203 groupExists=checkExists(group); 204 roleExists=checkExists(role); 205 if(userExists && groupExists && roleExists) 206 { 207 Criteria criteria = new Criteria(); 208 criteria.add(UserGroupRolePeer.USER_ID, 209 ((BaseObject)user).getPrimaryKey()); 210 criteria.add(UserGroupRolePeer.GROUP_ID, ((BaseObject)group).getPrimaryKey()); 211 criteria.add(UserGroupRolePeer.ROLE_ID, ((TurbineRole)role).getPrimaryKey()); 212 UserGroupRolePeer.doInsert(criteria); 213 return; 214 } 215 } 216 catch(Exception e) 217 { 218 throw new DataBackendException("grant(User,Group,Role) failed", e); 219 } 220 finally 221 { 222 unlockExclusive(); 223 } 224 if(!userExists) 225 { 226 throw new UnknownEntityException("Unknown user '" + 227 user.getUserName() + "'"); 228 } 229 if(!groupExists) 230 { 231 throw new UnknownEntityException("Unknown group '" + 232 ((SecurityObject)group).getName() + "'"); 233 } 234 if(!roleExists) 235 { 236 throw new UnknownEntityException("Unknown role '" + 237 role.getName() + "'"); 238 } 239 } 240 241 /*** 242 * Revoke a Role in a Group from an User. 243 * 244 * @param User the user. 245 * @param Group the group. 246 * @param Role the role. 247 * @throws DataBackendException if there was an error accessing the data backend. 248 * @throws UnknownEntityException if user account, group or role is not present. 249 */ 250 public synchronized void revoke( User user, Group group, Role role ) 251 throws DataBackendException, UnknownEntityException 252 { 253 boolean userExists = false; 254 boolean groupExists = false; 255 boolean roleExists = false; 256 try 257 { 258 lockExclusive(); 259 userExists=TurbineSecurity.accountExists(user); 260 groupExists=checkExists(group); 261 roleExists=checkExists(role); 262 if(userExists && groupExists && roleExists) 263 { 264 Criteria criteria = new Criteria(); 265 criteria.add(UserGroupRolePeer.USER_ID, 266 ((BaseObject)user).getPrimaryKey()); 267 criteria.add(UserGroupRolePeer.GROUP_ID, 268 ((BaseObject)group).getPrimaryKey()); 269 criteria.add(UserGroupRolePeer.ROLE_ID, ((TurbineRole)role).getPrimaryKey()); 270 UserGroupRolePeer.doDelete(criteria); 271 return; 272 } 273 } 274 catch(Exception e) 275 { 276 throw new DataBackendException("revoke(User,Role,Group) failed", e); 277 } 278 finally 279 { 280 unlockExclusive(); 281 } 282 if(!userExists) 283 { 284 throw new UnknownEntityException("Unknown user '" + 285 user.getUserName() + "'"); 286 } 287 if(!groupExists) 288 { 289 throw new UnknownEntityException("Unknown group '" + 290 ((SecurityObject)group).getName() + "'"); 291 } 292 if(!roleExists) 293 { 294 throw new UnknownEntityException("Unknown role '" + 295 role.getName() + "'"); 296 } 297 } 298 299 /*** 300 * Revokes all roles from an User. 301 * 302 * This method is used when deleting an account. 303 * 304 * @param user the User. 305 * @throws DataBackendException if there was an error accessing the data backend. 306 * @throws UnknownEntityException if the account is not present. 307 */ 308 public synchronized void revokeAll( User user ) 309 throws DataBackendException, UnknownEntityException 310 { 311 boolean userExists = false; 312 try 313 { 314 lockExclusive(); 315 userExists=TurbineSecurity.accountExists(user); 316 if(userExists) 317 { 318 // The following would not work, due to an annoying misfeature of Village. 319 // Village allows only a single row to be deleted at a time. I wish that 320 // it was possible to disable this behaviour! 321 322 // Criteria criteria = new Criteria(); 323 // criteria.add(UserGroupRolePeer.USER_ID, ((BaseObject)user).getPrimaryKey()); 324 // UserGroupRolePeer.doDelete(criteria); 325 int id = ((BaseObject)user).getPrimaryKeyAsInt(); 326 UserGroupRolePeer.deleteAll(UserGroupRolePeer.TABLE_NAME, UserGroupRolePeer.USER_ID, id); 327 return; 328 } 329 } 330 catch(Exception e) 331 { 332 throw new DataBackendException("revokeAll(User) failed", e); 333 } 334 finally 335 { 336 unlockExclusive(); 337 } 338 throw new UnknownEntityException("Unknown user '"+user.getUserName()+"'"); 339 } 340 341 /*** 342 * Grants a Role a Permission 343 * 344 * @param role the Role. 345 * @param permission the Permission. 346 * @throws DataBackendException if there was an error accessing the data backend. 347 * @throws UnknownEntityException if role or permission is not present. 348 */ 349 public synchronized void grant( Role role, Permission permission ) 350 throws DataBackendException, UnknownEntityException 351 { 352 boolean roleExists = false; 353 boolean permissionExists = false; 354 try 355 { 356 lockExclusive(); 357 roleExists=checkExists(role); 358 permissionExists=checkExists(permission); 359 if(roleExists && permissionExists) 360 { 361 Criteria criteria = new Criteria(); 362 criteria.add(RolePermissionPeer.ROLE_ID, ((TurbineRole)role).getPrimaryKey()); 363 criteria.add(RolePermissionPeer.PERMISSION_ID, 364 ((BaseObject)permission).getPrimaryKey()); 365 UserGroupRolePeer.doInsert(criteria); 366 return; 367 } 368 } 369 catch(Exception e) 370 { 371 throw new DataBackendException("grant(Role,Permission) failed", e); 372 } 373 finally 374 { 375 unlockExclusive(); 376 } 377 if(!roleExists) 378 { 379 throw new UnknownEntityException("Unknown role '" + 380 role.getName() + "'"); 381 } 382 if(!permissionExists) 383 { 384 throw new UnknownEntityException("Unknown permission '" + 385 ((SecurityObject)permission).getName() + "'"); 386 } 387 } 388 389 /*** 390 * Revokes a Permission from a Role. 391 * 392 * @param role the Role. 393 * @param permission the Permission. 394 * @throws DataBackendException if there was an error accessing the data backend. 395 * @throws UnknownEntityException if role or permission is not present. 396 */ 397 public synchronized void revoke( Role role, Permission permission ) 398 throws DataBackendException, UnknownEntityException 399 { 400 boolean roleExists = false; 401 boolean permissionExists = false; 402 try 403 { 404 lockExclusive(); 405 roleExists=checkExists(role); 406 permissionExists=checkExists(permission); 407 if(roleExists && permissionExists) 408 { 409 Criteria criteria = new Criteria(); 410 criteria.add(RolePermissionPeer.ROLE_ID, ((TurbineRole)role).getPrimaryKey()); 411 criteria.add(RolePermissionPeer.PERMISSION_ID, 412 ((BaseObject)permission).getPrimaryKey()); 413 RolePermissionPeer.doDelete(criteria); 414 return; 415 } 416 } 417 catch(Exception e) 418 { 419 throw new DataBackendException("revoke(Role,Permission) failed", e); 420 } 421 finally 422 { 423 unlockExclusive(); 424 } 425 if(!roleExists) 426 { 427 throw new UnknownEntityException("Unknown role '" + 428 role.getName() + "'"); 429 } 430 if(!permissionExists) 431 { 432 throw new UnknownEntityException("Unknown permission '" + 433 ((SecurityObject)permission).getName() + "'"); 434 } 435 } 436 437 /*** 438 * Revokes all permissions from a Role. 439 * 440 * This method is user when deleting a Role. 441 * 442 * @param role the Role 443 * @throws DataBackendException if there was an error accessing the data backend. 444 * @throws UnknownEntityException if the Role is not present. 445 */ 446 public synchronized void revokeAll( Role role ) 447 throws DataBackendException, UnknownEntityException 448 { 449 boolean roleExists = false; 450 try 451 { 452 lockExclusive(); 453 roleExists=checkExists(role); 454 if(roleExists) 455 { 456 // The following would not work, due to an annoying misfeature of Village. 457 // see revokeAll( user ) 458 459 // Criteria criteria = new Criteria(); 460 // criteria.add(RolePermissionPeer.ROLE_ID, role.getPrimaryKey()); 461 // RolePermissionPeer.doDelete(criteria); 462 463 int id = ((TurbineRole)role).getPrimaryKeyAsInt(); 464 RolePermissionPeer.deleteAll(RolePermissionPeer.TABLE_NAME, 465 RolePermissionPeer.ROLE_ID, id); 466 return; 467 } 468 } 469 catch(Exception e) 470 { 471 throw new DataBackendException("revokeAll(Role) failed", e); 472 } 473 finally 474 { 475 unlockExclusive(); 476 } 477 throw new UnknownEntityException("Unknown role '" + role.getName() + "'"); 478 } 479 480 /*----------------------------------------------------------------------- 481 Group/Role/Permission management 482 -----------------------------------------------------------------------*/ 483 484 /*** 485 * Retrieve a set of Groups that meet the specified Criteria. 486 * 487 * @param a Criteria of Group selection. 488 * @return a set of Groups that meet the specified Criteria. 489 */ 490 public GroupSet getGroups( Criteria criteria ) 491 throws DataBackendException 492 { 493 Criteria dbCriteria = new Criteria(); 494 Iterator keys = criteria.keySet().iterator(); 495 while(keys.hasNext()) 496 { 497 String key = (String)keys.next(); 498 dbCriteria.put(GroupPeer.getColumnName(key), criteria.get(key)); 499 } 500 List groups = new ArrayList(0); 501 try 502 { 503 groups = GroupPeer.doSelect(criteria); 504 } 505 catch(Exception e) 506 { 507 throw new DataBackendException("getGroups(Criteria) failed", e); 508 } 509 return new GroupSet(groups); 510 } 511 512 /*** 513 * Retrieve a set of Roles that meet the specified Criteria. 514 * 515 * @param a Criteria of Roles selection. 516 * @return a set of Roles that meet the specified Criteria. 517 */ 518 public RoleSet getRoles( Criteria criteria ) 519 throws DataBackendException 520 { 521 Criteria dbCriteria = new Criteria(); 522 Iterator keys = criteria.keySet().iterator(); 523 while(keys.hasNext()) 524 { 525 String key = (String)keys.next(); 526 dbCriteria.put(RolePeer.getColumnName(key), criteria.get(key)); 527 } 528 List roles = new ArrayList(0); 529 try 530 { 531 roles = RolePeer.doSelect(criteria); 532 } 533 catch(Exception e) 534 { 535 throw new DataBackendException("getRoles(Criteria) failed", e); 536 } 537 return new RoleSet(roles); 538 } 539 540 /*** 541 * Retrieve a set of Permissions that meet the specified Criteria. 542 * 543 * @param a Criteria of Permissions selection. 544 * @return a set of Permissions that meet the specified Criteria. 545 */ 546 public PermissionSet getPermissions(Criteria criteria) 547 throws DataBackendException 548 { 549 Criteria dbCriteria = new Criteria(); 550 Iterator keys = criteria.keySet().iterator(); 551 while(keys.hasNext()) 552 { 553 String key = (String)keys.next(); 554 dbCriteria.put(PermissionPeer.getColumnName(key), criteria.get(key)); 555 } 556 List permissions = new Vector(0); 557 try 558 { 559 permissions = PermissionPeer.doSelect(criteria); 560 } 561 catch(Exception e) 562 { 563 throw new DataBackendException("getPermissions(Criteria) failed", e); 564 } 565 return new PermissionSet(permissions); 566 } 567 568 /*** 569 * Retrieves all permissions associated with a role. 570 * 571 * @param role the role name, for which the permissions are to be retrieved. 572 * @throws DataBackendException if there was an error accessing the data backend. 573 * @throws UnknownEntityException if the role is not present. 574 */ 575 public PermissionSet getPermissions( Role role ) 576 throws DataBackendException, UnknownEntityException 577 { 578 boolean roleExists = false; 579 try 580 { 581 lockShared(); 582 roleExists = checkExists(role); 583 if(roleExists) 584 { 585 return PermissionPeer.retrieveSet(role); 586 } 587 } 588 catch(Exception e) 589 { 590 throw new DataBackendException("getPermissions(Role) failed", e); 591 } 592 finally 593 { 594 unlockShared(); 595 } 596 throw new UnknownEntityException("Unknown role '" + 597 role.getName() + "'"); 598 } 599 600 /*** 601 * Stores Group's attributes. The Groups is required to exist in the system. 602 * 603 * @param group The Group to be stored. 604 * @throws DataBackendException if there was an error accessing the data backend. 605 * @throws UnknownEntityException if the group does not exist. 606 */ 607 public void saveGroup( Group group ) 608 throws DataBackendException, UnknownEntityException 609 { 610 boolean groupExists = false; 611 try 612 { 613 groupExists = checkExists(group); 614 if(groupExists) 615 { 616 Criteria criteria = GroupPeer.buildCriteria(group); 617 GroupPeer.doUpdate(criteria); 618 return; 619 } 620 } 621 catch(Exception e) 622 { 623 throw new DataBackendException("saveGroup(Group) failed" ,e); 624 } 625 throw new UnknownEntityException("Unknown group '" + group + "'"); 626 } 627 628 /*** 629 * Stores Role's attributes. The Roles is required to exist in the system. 630 * 631 * @param role The Role to be stored. 632 * @throws DataBackendException if there was an error accessing the data backend. 633 * @throws UnknownEntityException if the role does not exist. 634 */ 635 public void saveRole( Role role ) 636 throws DataBackendException, UnknownEntityException 637 { 638 boolean roleExists = false; 639 try 640 { 641 roleExists = checkExists(role); 642 if(roleExists) 643 { 644 Criteria criteria = RolePeer.buildCriteria(role); 645 RolePeer.doUpdate(criteria); 646 return; 647 } 648 } 649 catch(Exception e) 650 { 651 throw new DataBackendException("saveRole(Role) failed", e); 652 } 653 throw new UnknownEntityException("Unknown role '" + role + "'"); 654 } 655 656 /*** 657 * Stores Permission's attributes. The Permissions is required to exist in the system. 658 * 659 * @param permission The Permission to be stored. 660 * @throws DataBackendException if there was an error accessing the data backend. 661 * @throws UnknownEntityException if the permission does not exist. 662 */ 663 public void savePermission( Permission permission ) 664 throws DataBackendException, UnknownEntityException 665 { 666 boolean permissionExists = false; 667 try 668 { 669 permissionExists = checkExists(permission); 670 if(permissionExists) 671 { 672 Criteria criteria = PermissionPeer.buildCriteria(permission); 673 PermissionPeer.doUpdate(criteria); 674 return; 675 } 676 } 677 catch(Exception e) 678 { 679 throw new DataBackendException("savePermission(Permission) failed", e); 680 } 681 throw new UnknownEntityException("Unknown permission '" + permission + "'"); 682 } 683 684 /*** 685 * Retrieves a new Group. It creates 686 * a new Group based on the Services Group implementation. It does not 687 * create a new Group in the system though. Use create for that. 688 * 689 * @param groupName The name of the Group to be retrieved. 690 */ 691 public Group getNewGroup( String groupName ) 692 { 693 return (Group) new TurbineGroup(groupName); 694 } 695 696 /*** 697 * Retrieves a new Role. It creates 698 * a new Role based on the Services Role implementation. It does not 699 * create a new Role in the system though. Use create for that. 700 * 701 * @param roleName The name of the Role to be retrieved. 702 */ 703 public Role getNewRole( String roleName ) 704 { 705 return (Role) new TurbineRole(roleName); 706 } 707 708 /*** 709 * Retrieves a new Permission. It creates 710 * a new Permission based on the Services Permission implementation. It does not 711 * create a new Permission in the system though. Use create for that. 712 * 713 * @param permissionName The name of the Permission to be retrieved. 714 */ 715 public Permission getNewPermission( String permissionName ) 716 { 717 return (Permission) new TurbinePermission(permissionName); 718 } 719 720 /*** 721 * Creates a new group with specified attributes. 722 * 723 * @param group the object describing the group to be created. 724 * @return a new Group object that has id set up properly. 725 * @throws DataBackendException if there was an error accessing the data backend. 726 * @throws EntityExistsException if the group already exists. 727 */ 728 public synchronized Group addGroup( Group group ) 729 throws DataBackendException, EntityExistsException 730 { 731 boolean groupExists = false; 732 try 733 { 734 lockExclusive(); 735 groupExists = checkExists(group); 736 if(!groupExists) 737 { 738 // add a row to the table 739 Criteria criteria = GroupPeer.buildCriteria(group); 740 GroupPeer.doInsert(criteria); 741 // try to get the object back using the name as key. 742 criteria = new Criteria(); 743 criteria.add(GroupPeer.NAME, ((SecurityObject)group).getName()); 744 List results = GroupPeer.doSelect(criteria); 745 if(results.size() != 1) 746 { 747 throw new DataBackendException( 748 "Internal error - query returned " + 749 results.size() + " rows"); 750 } 751 Group newGroup = (Group)results.get(0); 752 // add the group to system-wide cache 753 getAllGroups().add(newGroup); 754 // return the object with correct id 755 return newGroup; 756 } 757 } 758 catch(Exception e) 759 { 760 throw new DataBackendException("addGroup(Group) failed", e); 761 } 762 finally 763 { 764 unlockExclusive(); 765 } 766 // the only way we could get here without return/throw tirggered 767 // is that the groupExists was true. 768 throw new EntityExistsException("Group '" + group + 769 "' already exists"); 770 } 771 772 /*** 773 * Creates a new role with specified attributes. 774 * 775 * @param role the object describing the role to be created. 776 * @return a new Role object that has id set up properly. 777 * @throws DataBackendException if there was an error accessing the data backend. 778 * @throws EntityExistsException if the role already exists. 779 */ 780 public synchronized Role addRole( Role role ) 781 throws DataBackendException, EntityExistsException 782 { 783 boolean roleExists = false; 784 try 785 { 786 lockExclusive(); 787 roleExists = checkExists(role); 788 if(!roleExists) 789 { 790 // add a row to the table 791 Criteria criteria = RolePeer.buildCriteria(role); 792 RolePeer.doInsert(criteria); 793 // try to get the object back using the name as key. 794 criteria = new Criteria(); 795 criteria.add(RolePeer.NAME, role.getName()); 796 List results = RolePeer.doSelect(criteria); 797 if(results.size() != 1) 798 { 799 throw new DataBackendException( 800 "Internal error - query returned " + 801 results.size() + " rows"); 802 } 803 Role newRole = (Role)results.get(0); 804 // add the role to system-wide cache 805 getAllRoles().add(newRole); 806 // return the object with correct id 807 return newRole; 808 } 809 } 810 catch(Exception e) 811 { 812 throw new DataBackendException("addRole(Role) failed", e); 813 } 814 finally 815 { 816 unlockExclusive(); 817 } 818 // the only way we could get here without return/throw tirggered 819 // is that the roleExists was true. 820 throw new EntityExistsException("Role '" + role + "' already exists"); 821 } 822 823 /*** 824 * Creates a new permission with specified attributes. 825 * 826 * @param permission the object describing the permission to be created. 827 * @return a new Permission object that has id set up properly. 828 * @throws DataBackendException if there was an error accessing the data backend. 829 * @throws EntityExistsException if the permission already exists. 830 */ 831 public synchronized Permission addPermission( Permission permission ) 832 throws DataBackendException, EntityExistsException 833 { 834 boolean permissionExists = false; 835 try 836 { 837 lockExclusive(); 838 permissionExists = checkExists(permission); 839 if(!permissionExists) 840 { 841 // add a row to the table 842 Criteria criteria = PermissionPeer.buildCriteria(permission); 843 PermissionPeer.doInsert(criteria); 844 // try to get the object back using the name as key. 845 criteria = new Criteria(); 846 criteria.add(PermissionPeer.NAME, 847 ((SecurityObject)permission).getName()); 848 List results = PermissionPeer.doSelect(criteria); 849 if(results.size() != 1) 850 { 851 throw new DataBackendException( 852 "Internal error - query returned " + 853 results.size() + " rows"); 854 } 855 Permission newPermission = (Permission)results.get(0); 856 // add the permission to system-wide cache 857 getAllPermissions().add(newPermission); 858 // return the object with correct id 859 return newPermission; 860 } 861 } 862 catch(Exception e) 863 { 864 throw new DataBackendException("addPermission(Permission) failed", e); 865 } 866 finally 867 { 868 unlockExclusive(); 869 } 870 // the only way we could get here without return/throw tirggered 871 // is that the permissionExists was true. 872 throw new EntityExistsException("Permission '" + permission + 873 "' already exists"); 874 } 875 876 /*** 877 * Removes a Group from the system. 878 * 879 * @param the object describing group to be removed. 880 * @throws DataBackendException if there was an error accessing the data backend. 881 * @throws UnknownEntityException if the group does not exist. 882 */ 883 public synchronized void removeGroup( Group group ) 884 throws DataBackendException, UnknownEntityException 885 { 886 boolean groupExists = false; 887 try 888 { 889 lockExclusive(); 890 groupExists = checkExists(group); 891 if(groupExists) 892 { 893 Criteria criteria = GroupPeer.buildCriteria(group); 894 GroupPeer.doDelete(criteria); 895 getAllGroups().remove(group); 896 return; 897 } 898 } 899 catch(Exception e) 900 { 901 Log.error("Failed to delete a Group"); 902 Log.error(e); 903 throw new DataBackendException("removeGroup(Group) failed", e); 904 } 905 finally 906 { 907 unlockExclusive(); 908 } 909 throw new UnknownEntityException("Unknown group '" + group + "'"); 910 } 911 912 /*** 913 * Removes a Role from the system. 914 * 915 * @param the object describing role to be removed. 916 * @throws DataBackendException if there was an error accessing the data backend. 917 * @throws UnknownEntityException if the role does not exist. 918 */ 919 public synchronized void removeRole( Role role ) 920 throws DataBackendException, UnknownEntityException 921 { 922 boolean roleExists = false; 923 try 924 { 925 lockExclusive(); 926 roleExists = checkExists(role); 927 if(roleExists) 928 { 929 // revoke all permissions from the role to be deleted 930 revokeAll(role); 931 Criteria criteria = RolePeer.buildCriteria(role); 932 RolePeer.doDelete(criteria); 933 getAllRoles().remove(role); 934 return; 935 } 936 } 937 catch(Exception e) 938 { 939 throw new DataBackendException("removeRole(Role)" ,e); 940 } 941 finally 942 { 943 unlockExclusive(); 944 } 945 throw new UnknownEntityException("Unknown role '" + role + "'"); 946 } 947 948 /*** 949 * Removes a Permission from the system. 950 * 951 * @param the object describing permission to be removed. 952 * @throws DataBackendException if there was an error accessing the data backend. 953 * @throws UnknownEntityException if the permission does not exist. 954 */ 955 public synchronized void removePermission( Permission permission ) 956 throws DataBackendException, UnknownEntityException 957 { 958 boolean permissionExists = false; 959 try 960 { 961 lockExclusive(); 962 permissionExists = checkExists(permission); 963 if(permissionExists) 964 { 965 Criteria criteria = PermissionPeer.buildCriteria(permission); 966 PermissionPeer.doDelete(criteria); 967 getAllPermissions().remove(permission); 968 return; 969 } 970 } 971 catch(Exception e) 972 { 973 throw new DataBackendException("removePermission(Permission)" ,e); 974 } 975 finally 976 { 977 unlockExclusive(); 978 } 979 throw new UnknownEntityException("Unknown permission '" + 980 permission + "'"); 981 } 982 983 /*** 984 * Renames an existing Group. 985 * 986 * @param the object describing the group to be renamed. 987 * @param name the new name for the group. 988 * @throws DataBackendException if there was an error accessing the data backend. 989 * @throws UnknownEntityException if the group does not exist. 990 */ 991 public synchronized void renameGroup( Group group, String name ) 992 throws DataBackendException, UnknownEntityException 993 { 994 boolean groupExists = false; 995 try 996 { 997 lockExclusive(); 998 groupExists = checkExists(group); 999 if(groupExists) 1000 { 1001 ((SecurityObject)group).setName(name); 1002 Criteria criteria = GroupPeer.buildCriteria(group); 1003 GroupPeer.doUpdate(criteria); 1004 return; 1005 } 1006 } 1007 catch(Exception e) 1008 { 1009 throw new DataBackendException("renameGroup(Group,String)" ,e); 1010 } 1011 finally 1012 { 1013 unlockExclusive(); 1014 } 1015 throw new UnknownEntityException("Unknown group '" + group + "'"); 1016 } 1017 1018 /*** 1019 * Renames an existing Role. 1020 * 1021 * @param the object describing the role to be renamed. 1022 * @param name the new name for the role. 1023 * @throws DataBackendException if there was an error accessing the data backend. 1024 * @throws UnknownEntityException if the role does not exist. 1025 */ 1026 public synchronized void renameRole( Role role, String name ) 1027 throws DataBackendException, UnknownEntityException 1028 { 1029 boolean roleExists = false; 1030 try 1031 { 1032 lockExclusive(); 1033 roleExists = checkExists(role); 1034 if(roleExists) 1035 { 1036 role.setName(name); 1037 Criteria criteria = RolePeer.buildCriteria(role); 1038 RolePeer.doUpdate(criteria); 1039 return; 1040 } 1041 } 1042 catch(Exception e) 1043 { 1044 throw new DataBackendException("renameRole(Role,String)" ,e); 1045 } 1046 finally 1047 { 1048 unlockExclusive(); 1049 } 1050 throw new UnknownEntityException("Unknown role '" + role + "'"); 1051 } 1052 1053 /*** 1054 * Renames an existing Permission. 1055 * 1056 * @param the object describing the permission to be renamed. 1057 * @param name the new name for the permission. 1058 * @throws DataBackendException if there was an error accessing the data backend. 1059 * @throws UnknownEntityException if the permission does not exist. 1060 */ 1061 public synchronized void renamePermission( Permission permission, String name ) 1062 throws DataBackendException, UnknownEntityException 1063 { 1064 boolean permissionExists = false; 1065 try 1066 { 1067 lockExclusive(); 1068 permissionExists = checkExists(permission); 1069 if(permissionExists) 1070 { 1071 ((SecurityObject)permission).setName(name); 1072 Criteria criteria = PermissionPeer.buildCriteria(permission); 1073 PermissionPeer.doUpdate(criteria); 1074 return; 1075 } 1076 } 1077 catch(Exception e) 1078 { 1079 throw new DataBackendException("renamePermission(Permission,name)", e); 1080 } 1081 finally 1082 { 1083 unlockExclusive(); 1084 } 1085 throw new UnknownEntityException("Unknown permission '" + 1086 permission + "'"); 1087 } 1088 1089 /*** Service specific implementation methods */ 1090 1091 /*** 1092 * Returns the Class object for the implementation of UserPeer interface 1093 * used by the system (defined in TR.properties) 1094 * 1095 * @return the implementation of UserPeer interface used by the system. 1096 * @throws UnknownEntityException if the system's implementation of UserPeer 1097 * interface could not be determined. 1098 */ 1099 public Class getUserPeerClass() throws UnknownEntityException 1100 { 1101 String userPeerClassName = getProperties().getProperty( 1102 USER_PEER_CLASS_KEY, USER_PEER_CLASS_DEFAULT); 1103 try 1104 { 1105 return Class.forName(userPeerClassName); 1106 } 1107 catch(Exception e) 1108 { 1109 throw new UnknownEntityException( 1110 "Failed create a Class object for UserPeer implementation", e); 1111 } 1112 } 1113 1114 /*** 1115 * Construct a UserPeer object. 1116 * 1117 * This method calls getUserPeerClass, and then creates a new object using 1118 * the default constructor. 1119 * 1120 * @return an object implementing UserPeer interface. 1121 * @throws UnknownEntityException if the object could not be instantiated. 1122 */ 1123 public UserPeer getUserPeerInstance() throws UnknownEntityException 1124 { 1125 UserPeer up; 1126 try 1127 { 1128 up = (UserPeer)getUserPeerClass().newInstance(); 1129 } 1130 catch(Exception e) 1131 { 1132 throw new UnknownEntityException( 1133 "Failed instantiate an UserPeer implementation object", e); 1134 } 1135 return up; 1136 } 1137 1138 1139 /*** 1140 * Determines if the <code>Group</code> exists in the security system. 1141 * 1142 * @param group a <code>Group</code> value 1143 * @return true if the group exists in the system, false otherwise 1144 * @throws DataBackendException when more than one Group with 1145 * the same name exists. 1146 * @throws Exception, a generic exception. 1147 */ 1148 protected boolean checkExists(Group group) 1149 throws DataBackendException, Exception 1150 { 1151 return GroupPeer.checkExists(group); 1152 } 1153 1154 /*** 1155 * Determines if the <code>Role</code> exists in the security system. 1156 * 1157 * @param role a <code>Role</code> value 1158 * @return true if the role exists in the system, false otherwise 1159 * @throws DataBackendException when more than one Role with 1160 * the same name exists. 1161 * @throws Exception, a generic exception. 1162 */ 1163 protected boolean checkExists(Role role) 1164 throws DataBackendException, Exception 1165 { 1166 return RolePeer.checkExists(role); 1167 } 1168 1169 /*** 1170 * Determines if the <code>Permission</code> exists in the security system. 1171 * 1172 * @param permission a <code>Permission</code> value 1173 * @return true if the permission exists in the system, false otherwise 1174 * @throws DataBackendException when more than one Permission with 1175 * the same name exists. 1176 * @throws Exception, a generic exception. 1177 */ 1178 protected boolean checkExists(Permission permission) 1179 throws DataBackendException, Exception 1180 { 1181 return PermissionPeer.checkExists(permission); 1182 } 1183 1184 }

This page was automatically generated by Maven